[HarfBuzz] harfbuzz: Branch 'master' - 2 commits

Behdad Esfahbod behdad at kemper.freedesktop.org
Wed Dec 5 23:37:29 UTC 2018


 src/hb-cff-interp-common.hh                                                         |   18 ++++++++--
 test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5768186323009536 |binary
 2 files changed, 16 insertions(+), 2 deletions(-)

New commits:
commit 81cfd3c775dbc470f57d7fe2775cc068ffa367b6
Merge: 8394a6cb 6708c559
Author: Behdad Esfahbod <behdad at behdad.org>
Date:   Wed Dec 5 15:37:15 2018 -0800

    Merge pull request #1455 from harfbuzz/cff-strinc_assert
    
    [CFF] fix oss-fuzz issue 11675 (ASSERT: count <= str.len)

commit 6708c5595fc6babdae0132f8a23cbe3558a58703
Author: Michiharu Ariza <ariza at adobe.com>
Date:   Wed Dec 5 12:51:18 2018 -0800

    fix oss-fuzz issue 11675 (ASSERT: count <= str.len)
    
    Also added an additional error check to avail ()

diff --git a/src/hb-cff-interp-common.hh b/src/hb-cff-interp-common.hh
index f2ccc2bd..9b595ff1 100644
--- a/src/hb-cff-interp-common.hh
+++ b/src/hb-cff-interp-common.hh
@@ -391,8 +391,22 @@ struct SubByteStr
 
   inline operator ByteStr (void) const { return ByteStr (str, offset, str.len - offset); }
 
-  inline bool avail (unsigned int count=1) const { return str.check_limit (offset, count); }
-  inline void inc (unsigned int count=1) { offset += count; assert (count <= str.len); }
+  inline bool avail (unsigned int count=1) const
+  {
+    return (!in_error () && str.check_limit (offset, count));
+  }
+  inline void inc (unsigned int count=1)
+  {
+    if (likely (!in_error () && (offset <= str.len) && (offset + count <= str.len)))
+    {
+      offset += count;
+    }
+    else
+    {
+      offset = str.len;
+      set_error ();
+    }
+  }
 
   inline void set_error (void) { error = true; }
   inline bool in_error (void) const { return error; }
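Review bot: The bounds test in the new `inc ()` still has an unsigned-wrap hole: once `offset <= str.len` holds, `offset + count` can wrap around for a very large `count` and satisfy `<= str.len`, after which `offset += count` wraps too and the error flag is never set. Since `offset <= str.len` is already established, the overflow-free form is to compare the remaining length instead, `count <= str.len - offset`, i.e. `if (likely (!in_error () && offset <= str.len && count <= str.len - offset))`. Whether a caller can actually pass a `count` that large depends on how the CFF operators derive it, which is not visible here, but the cost of the safe form is nil and it also mirrors the intent of the original assertion. Note that `avail ()` delegates the same question to `str.check_limit` while `inc ()` open-codes it; if `check_limit` is overflow-safe, reusing it in `inc ()` would keep the two in agreement. The enclosing `SubByteStr` struct starts and ends outside this hunk.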
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5768186323009536 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5768186323009536
new file mode 100644
index 00000000..858604d7
Binary files /dev/null and b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-subset-fuzzer-5768186323009536 differ

